2.4 Re-enables UPnP by default

[ElectricZ]

Network

• Re-enabled UPnP by default in the AppConfig

Reading that, CMDRs would be wise to check their current network settings, especially if they've disabled UPnP and set up port forwarding. It sounds like the patch is going to overwrite those settings. From experience, I'm unable to wing up or chat with some people if these settings aren't correct...

Good luck to us all!

 

[Kingston@#]

after updating avast firewall. i started having things reappear in my hold after selling them. outposts vanishing when getting into srv. i discovered it was the firewall it was blocking upnp. disabled the firewall things were back to normal. upnp is needed to be unblocked and enabled..

 

[Nick Sticks]

Create a file called:

AppConfigLocal.xml

in your game install location e.g.
E:\Games\EDLaunch\Products\elite-dangerous-64

and put your network settings in that e.g.

<AppConfig>
<Network
Port="5101"
upnpenabled="0"
LogFile="netLog"
DatestampLog="1"
VerboseLogging="1"
>
</Network>
</AppConfig>

This file won't get changed by updates.

Edit: For clarification and just in case, you must set up port forwarding on your router to do this.
https://support.frontier.co.uk/kb/faq.php?id=370

https://forums.frontier.co.uk/showthread.php/238233-VERY-basic-guide-for-ED-networking

 

[Crank Larson]

upnp is needed to be unblocked and enabled..

Only if you don't set up port forwarding. uPnP is disabled on my network, and E: D works ok(ish ).

 

[ElectricZ]

Only if you don't set up port forwarding. uPnP is disabled on my network, and E: D works ok(ish ).

Yup... A lot of ISPs disable it, block it or just don't support it at all. The fact that a good chunk of CMDRs aren't even aware of these settings makes me wonder what percentage of players have never been properly configured, and what effect this has on the game as a whole as far as matchmaking and instancing and basic player-to-player communications go. Every time I see a new player post "How come I can't ever see anyone in the game" the answer isn't "it's a big galaxy and players are just spread out" but rather "you'll never see anyone because of network configuration."

On the bright side you can set up port forwarding and disable UPnP in the game menus now, but again, how many people even know to do it? And know how to configure ports in their router to support it? Or even think about it when all they want to do is load the game and play?

 

[Factabulous]

And good threads about uPnP in the game? WHen I look on t'internet it mainly talks about how you shouldn't allow uPnP onto the internet as it is unsafe...

 

[Kingston@#]

a few other things that were strange while upnp was blocked on my system.
attacking ship vanished in one place (phased out ) and appeared in another.
was able to hand over contracts receiving data as reward with no room for data.
no other cmdrs were seen during this period.
i will always check to see what state its in now. before i bug report, blocked upnp seems to cause bugs in the game.

 

[Guest104505]

UPnP, when enabled on my router, allows any application on any computer to create own firewall routes at the central router. It might be safe, but sounds weird to me.

On the other hand, IPv6 probably does just that... Giving my computer a global IP address.

 

[thearmysredneck]

I had set up port forwarding a couple of months ago and it ended up making things worse for me. I switched back.

 

[IndigoWyrd]

Hopefully these changes won't offend my Juniper router. I use STUN and Persistent-NAT rather than uPnP or traditional port forwarding.
Never had any issues to this point, so here's to hoping all continues to work normally.

 

[CMDR Dreamstate]

That's the thing about IPv6 - the Sky domain is totally non-existent, so unsure if Sky actually uses IPv6 and whether or not this causes a problem with some players in game:

Gateway IPv6 Address: fe80::a2f3:e4ff:fe47:8630

IPv6 Domain Name Server:

IPv6 Global Address: 2a02:c7f:1846:5000::1/64

IPv6 Link Local Address: fe80::7250:afff:fe7e:9f02

IPv6 Delegated Prefix: 2a02:c7f:1846:5000::/56

 

[shadragon]

UPnP, when enabled on my router, allows any application on any computer to create own firewall routes at the central router. It might be safe, but sounds weird to me.

On the other hand, IPv6 probably does just that... Giving my computer a global IP address.

No, these are two separate things and cannot be directly compared. IPv6 is perfectly safe to use, but I disable it on my home network as it is not used by my ISP.

uPnP is a dangerous protocol to deal with and as stated lots of ISP's block it out of hand on their networks. It's no different than banning gasoline from residences. This used to be enabled by default on routers and caused all sorts of security and vulnerability issues.

 

[Crank Larson]

UPnP, when enabled on my router, allows any application on any computer to create own firewall routes at the central router. It might be safe, but sounds weird to me.

That's exactly what uPnP does, though it isn't strictly limited to routers. It allows software to configure devices so that ports can be opened, etc. It's only safe if you know everything that is running on your network. Makes things easy for users, but blows huge holes in security planning (a secure network certainly wouldn't enable it).

Incidentally, uPnP is a local protocol. It opens ports on your own router, nowhere else. I've never heard of an ISP blocking it (it would be impossible to block it on your own network), though it may be that some do not enable it on the router they send out (or the router doesn't support it).

uPnP is a dangerous protocol to deal with and as stated lots of ISP's block it out of hand on their networks.

Please explain? uPnP traffic should not leave your own local network.

 

[EUS]

UPnP is still disabled by my router and OS, and I won't port forward. If that means some instancing with others will never occur, that's ok by me.
I'm not going to pinhole port(s) for a video game.

 

[Shadowdancer]

(Top-edit) That fix is for an issue in earlier beta versions and is not a change relative to 2.3.11.

Please explain? uPnP traffic should not leave your own local network.

It's a completely unauthenticated and unaudited hack that allows applications to make themselves reachable from the public Internet.

 

[Crank Larson]

It's a completely unauthenticated and unaudited hack that allows applications to make themselves reachable from the public Internet.

By configuring your router to open ports for your application, yes. It shouldn't affect anything beyond your router, and in fact shouldn't even travel beyond your own router. Just as uPnP requests should only be accepted from the local network by your router. I know what uPnP is. That's why I'm asking for someone to explain... It doesn't matter if ISPs block uPnP traffic on their network - all ISPs should do this - because that traffic shouldn't have reached their network in the first place.

 

[CMDR_Halceon]

OK, here's an ignorant question. I've seen people talking about uPnP and port forwarding as if one of them has to be active in order to see other commanders and do multiplayer. I've never enabled either of them (and know for a fact that I've disabled uPnP on my router). I still see other players in Open and private groups and haven't had a problem with big meet-ups. There must be some third option--otherwise I would have expected the game software itself to have been much more vocal in telling me what I need to enable--right?. Is this change a signal that things will start working worse if I don't configure something? Or have I been that guy who's bad networking has interfered with everyone else in the instance without realizing it?

 

[Crank Larson]

OK, here's an ignorant question. I've seen people talking about uPnP and port forwarding as if one of them has to be active in order to see other commanders and do multiplayer. I've never enabled either of them (and know for a fact that I've disabled uPnP on my router). I still see other players in Open and private groups and haven't had a problem with big meet-ups. There must be some third option--otherwise I would have expected the game software itself to have been much more vocal in telling me what I need to enable--right?. Is this change a signal that things will start working worse if I don't configure something? Or have I been that guy who's bad networking has interfered with everyone else in the instance without realizing it?

There isn't a third option. If you never configured port forwarding, then I would suspect that uPnP is still enabled on your router. As far as I am aware, the ports are required for the P2P side of things. Having said this, there are ways to program that will avoid both port forwarding and uPnP requirements (on the client), so it is possible that something else is happening.

 

[GreyAreaUK]

There isn't a third option. If you never configured port forwarding, then I would suspect that uPnP is still enabled on your router. As far as I am aware, the ports are required for the P2P side of things. Having said this, there are ways to program that will avoid both port forwarding and uPnP requirements (on the client), so it is possible that something else is happening.

Must be something else then because I've definitely got UPnP off on my router, and no port forwarding.

 

[Crank Larson]

Must be something else then because I've definitely got UPnP off on my router, and no port forwarding.

Interesting. When the servers are back up I may disable the port forwarding to see if things still work. As I say, from a code level it is entirely possible to avoid needing port forwarding - maybe something is happening there.